Cyber Attack Workshop:
Watch our attacker perform a sneaky spear-phishing attack to take over an admin’s account and impersonate high-profile users with a built-in SSO feature.
Our imposter will steal hundreds of sensitive HR docs from the company’s Google Workspace, create hidden backdoor links, and jump over to Box to exfiltrate customer contracts.
How the attack works:
- Pre-attack recon to figure out who will be an easy target
- Bypass MFA using an advanced phishing technique
- Export the org’s Google Workspace user list
- Impersonate the VP of HR, access her Google Workspace, and steal employee data
- Create hidden sharing links to external Gmail accounts as a backdoor
- Take over a Box super admin account
-Exfiltrate data using a custom public sharing URL
After the simulation, we will show you how proactive policies and cross-cloud investigation features can detect and prevent this type of attack.